Senior JavaScript Security, Engineer, Tools

Vollzeit
Washington, DC, USA
vor 6 Monate

The worldwide data management software market is massive (IDC forecasts it to be $137.6 billion by 2026!). At MongoDB, we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

Responsibilities

As a Senior JavaScript Engineer focusing on security for the tools team, you will be instrumental in identifying the security requirements for the apps and services that the tools team develops and maintains, identifying potential vulnerabilities in various layers of our applications, and efficiently and effectively defining the work needed to address them consistently. You will directly collaborate with MongoDB corporate security and data governance teams, as well as Technical Services FedRamp stakeholders, and the CRM team, to identify the various requirements and security priorities, and translate them to actionable work items for the tools team. You’d be responsible for maintaining a high standard of security for the tools team apps and services and establishing security by design approach and best practices for the team to follow. You’ll be responsible for coordinating and managing security and data compliance requirements for the team. You will also contribute to our JavaScript codebase hands-on to improve the security of our code and applications, as well as develop and enhance features. 

Important Notice

Kindly be advised that this position is exclusively open to candidates residing within the United States Eastern or Central time zones, with the capacity to work remotely or with flexible arrangements from our NYC office. Please note that applicants from outside these specified US time zone locations or from outside the US will not be considered for this particular role. We encourage candidates who still need to meet these geographical criteria to explore other enriching opportunities available at MongoDB.

Candidate Profile

The qualified candidate for this role should possess the following qualifications:

  • 7+ years of hands-on experience designing and developing security mechanisms for full-stack web apps and systems that leverage modern security methods and best practices. 
  • Demonstrable expertise with Node js and an API framework (Express, Next.js, Fastify, etc)
  • Excellent Knowledge of secure coding and development practices and good knowledge of remediating common vulnerabilities and exploit techniques.
  • Good working knowledge of FedRamp, and supporting software development compliance for applications and systems developed for the US federal government. 
  • Experience with API security, container security, cloud policy, configuration, and security management tools.
  • Solid understanding of Secure SDLC (SSDLC), CI/CD, and cloud security
  • Proficiency in SSO and cert-based authentication mechanisms
  • Demonstrable experience applying security best practices such as principles of least privilege and defense-in-depth
  • Direct and recent working experience supporting software development compliance with at least one of the following: HITRUST, SOC 2, ISO 27001.
  • Excellent English communication skills, both verbal and written.
  • Ability to thrive in a fast-paced environment and adapt to changes seamlessly.
  • Demonstrable experience owning complex projects from inception to completion, with efficiency and organization.
  • Thrive in cross-functional environments and effectively collaborate with a wide range of stakeholders and teams. 

Nice to haves

  • Any of the relevant certifications such as CISSP, CCSP, OSCP
  • Experience with MongoDB database security best practices
  • Experience with SalesForce security best practices
  • Good hands-on experience with Splunk
  • Good working knowledge of software development with Python.

What makes you stand out

  • Comprehensive technical expertise in a variety of DevSecOps toolkits and scanners, such as Ansible, Artifactory, Black Duck, Synk, Terraform, Sigstore toolchain, or comparable technologies.
  • Experience with security for GenAI-enabled applications and services

Interview process

Upon successfully passing the preliminary screenings, candidates will be invited to participate in a live coding assessment, to determine the alignment of their technical proficiencies with the requirements of the role. 

It is imperative that candidates demonstrate a high level of technical expertise and experience in the live sessions; otherwise, they will be disqualified.

Success Measures

  • In 3 months, you’ve gained a deep understanding of the tools team ecosystem, apps and services, build and deployment workflows, security constraints, as well as stakeholders and relevant teams. You’ve started developing a roadmap and corresponding Jira artifacts for the tools team security requirements and initiatives. You have also gained a good understanding of our API codebase, and have started contributing to it. 
  • In 6 months, you have determined a feasible process and roadmap for addressing various security-related requirements for the tools team, and have gained alignment from the team. You have established good working relationships with the tools team engineers and leads as well as various stakeholders and teams that uphold corporate security and data governance. At this point, you are successfully leading security initiatives for the tools team. As well, you are contributing consistently to our API codebase with quality and high impact.   
  • In 12 months, you are successfully contributing to mentoring and growing other team members.  

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups to fertility assistance and a generous parental leave policy, we value our employees’ well-being and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

MongoDB’s base salary range for this role is posted below. Compensation at the time of offer is unique to each candidate and based on a variety of factors such as skill set, experience, qualifications, and work location. Salary is one part of MongoDB’s total compensation and benefits package. Other benefits for eligible employees may include: equity, participation in the employee stock purchase program, flexible paid time off, 20 weeks fully-paid gender-neutral parental leave, fertility and adoption assistance, 401(k) plan, mental health counseling, access to transgender-inclusive health insurance coverage, and health benefits offerings. Please note, the base salary range listed below and the benefits in this paragraph are only applicable to U.S.-based candidates.

MongoDB’s base salary range for this role in the U.S. is:$109,000—$215,000 USD